Creating a Playbook From a Template

Create playbooks using the templates provided by Trend Micro.

This task uses the Run Custom Script template as an example to illustrate how to create playbooks from templates.

  1. Go to Workflow and Automation > Security Playbooks.
  2. On the Playbooks tab, choose Add > Create from template.
  3. Select Run Custom Script and click Create Playbook from Template.
  4. On the Playbook panel, specify the playbook name and type, and then click Apply.
  5. Configure each playbook node by clicking the settings icon in the upper-right corner of the node (except for the manual approval node).

    For the description of each playbook node, see Playbook Nodes.

    1. Specify the playbook node name.
    2. Configure other node settings.

      Node Type

      Settings

      Trigger

      Configure the trigger settings by selecting a trigger type from the Type drop-down list.

      • Manual (default): Manual trigger allows you to start a playbook by clicking the Run icon.

      • Scheduled: Scheduled trigger allows you to schedule a playbook to run daily, weekly, or monthly.

      Condition

      Configure the playbook execution criteria.

      1. Select an operating system from the Operating system drop-down list.

      2. Select an endpoint type from the Endpoint type drop-down list.

      3. Specify the IP address or IP range of the target endpoints in the Target IP address or range text box.

        An IP range requires wildcards. For example: 10.1.*

      Action

      Configure action settings for the Notify specified recipients and Notify SOC about results actions.

      1. Select a notification method from the Notification method drop-down list.

      2. In the Subject prefix text box, type a prefix to appear in front of the email subject.

      3. Select email recipients from the Recipients drop-down list.

      Configure action settings for the Run custom script action.

      1. Select a script file type from the File type drop-down list.

      2. Upload a script file from your local computer by clicking Upload. Then select your script file from the File drop-down list.

      3. (Optional) Type the parameters if your script requires additional input.

      4. (Optional) Specify a description for the action.

      Manual approval

      Select whether the action following this node requires manual approval before being performed.

      Note:

      Make sure you approve or reject the action within 24 hours of the current execution. Actions that remain pending manual approval for more than 24 hours expire and are not applied to the targets in the playbook.

    3. Click Apply.
  6. Enable the playbook by toggling the Enable control on.
  7. Click Save.

    The playbook appears on the Playbooks tab in the Security Playbooks app.